Language:
SEARCH

report phishing

Phishing scam disguised as the university’s single-sign on page

Wednesday, May 16th, 2018

Due to the vigilance of an observant personnel member from the US Business School, we have encountered a dangerous phishing scam being sent from a compromised UNISA account.

The Subject is “Dear SUN E-mail User © Copyright 2018 Stellenbosch University” which should immediately raise eyebrows. The phishing email “warns” you about the pending expiration of your e-mail account and prompts you to click on a link to reactivate it.

See below what the mail looks like:

The danger is that the phishing scammers have perfectly forged the university’s SINGLE SIGN-ON page, that is used by students an personnel to access the portal pages, the my.sun.ac.za page, SUNLearn etc., as you can see below. Not many people will notice that the address is not a university address, neither is it secure.

It is imperative that you do not click on the link in the mail, and do not provide the scammers with your username and password as they might be able to access the university’s systems that are accessible through the Single Sign-On page.

Last year scammers were able to forge the e-HR login page through a phishing scam and several staff members had their bank accounts details and other personal details exposed to the scammers.  In the light of the issues that Tygerberg staff have been having with general network access earlier this month, and this week’s issue with e-mail, the arrival of this sort of mail at this time can fool some people into thinking that it is legitimate and lead to compromised network and e-mail accounts.

Here’s how to report any phishing or spam mail:

Send the spam/phishing mail to help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail on to the message if possible.
1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
2. Use the Title “SPAM” (without quotes) in the Subject.
3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
4. Send the mail.

[Information supplied by David Wiles]

Phishing scam about reaching your mailbox storage limit

Tuesday, March 6th, 2018

Monday started with a phishing scam threatening to close your mailbox, and Monday is ending with another attack, using a similar intimidation tactic about your mailbox size.

The grammar and spelling is very poor on this one so it should be rather easy to spot. However the use of University branding and “STELLENBOSCH HELP DESK” might fool some people.


The Subject will be “We apologies” (sic)

Dear User,

You have reached the storage limit for your mailbox. Please visit the following link to complete your e-mail access restore.

Follow this link to complete the process: Click Restore

STELLENBOSCH HELP DESK


If you do click on the link (which does not go to a university website) …this webpage will appear. 

 

 

Many thanks to all of you who reported this.

Remember these 5 guidelines:

  1. Information Technology will never request sensitive information such as passwords.
  2. Phishing e-mails often appear as an important notice or urgent matter such as threats that your mailbox is over quota.
  3. Use of aggressive or intimidating language such as ‘immediately’ and threats of consequences of not verifying your account.
  4. Misspelled words and poor grammar that take away from the professional context of the e-mail. (this one is quite obvious)
  5. Use of an impersonal greeting. (Dear User)

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to help@sun.ac.za  and sysadm@sun.ac.za

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT have set up a website page with useful information on how to report and combat phishing and spam. The address is:http://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

[Article by David Wiles]

 

Phishing with subject “Email Expired”

Thursday, February 1st, 2018

Several students and personnel have informed us of a “new” mail making its rounds on our campuses.

The sender is “Postmaster” with the subject of “Email Expired”. This phishing scam tells you that your e-mail account will shortly expire and uses scare tactics to convince you to “click” on a link to activate your email.

Information Technology will never send you this type of email, ask you to click on a link or provide your username or password. Do not respond to these emails or click on links.

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to the following addresses

help@sun.ac.za and sysadm@sun.ac.za.

Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

  1. Start up a new mail addressed to sysadm@sun.ac.za (CC: help@sun.ac.za)
  2. Use the Title “SPAM” (without quotes) in the Subject.
  3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.
  4. Send the mail.

IF YOU HAVE FALLEN FOR THE SCAM:

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

IT has set up a website page with useful information on how to report and combat phishing and spam. The address is: http://blogs.sun.ac.za/it/en/2017/11/reporting-spam-malware-and-phishing/

 

[Article by David Wiles]

 

Reporting Spam, Malware and Phishing    

Thursday, November 2nd, 2017

At Stellenbosch University, we encourage our customers to submit potential spam, malware and phishing examples for review. Using these submissions, the CSIRT team can learn from the analysis of these messages. This collectively helps to improve the level of virus and spam detection.

Identifying types of unwanted mail

1.    Malware

Malware or “malicious software” is software designed to damage or execute unwanted actions on a computer system or device.  It can also infect and take over a person’s device turning it into a botnet. This means the cybercriminal gains control over the device and utilises it to distribute malware to other people’s devices and profiles users. Common examples of malware include viruses, worms, Trojan horses, and spyware.

2.    Phishing

Phishing attacks are designed to steal a person’s login and password details so that the cybercriminal can assume control of the victim’s social network, email, and online bank accounts. Seventy percent of internet users choose the same password for almost every web service they use. This is why phishing is so effective, as the criminal, by using the same login details, can access multiple private accounts and manipulate them for their own good. 

3.    Spamming

Spamming is when a cybercriminal sends emails designed to lure a victim into spending money on counterfeit or fake goods. Botnets, such as Rustock, send the majority of spam messages, often advertising pharmaceutical products or security software, which people believe they need to solve security issues which don’t actually exist. 

Submitting Examples

1.    Submitting Spam Examples

 Spam examples must be sent in either.EML or .MSG format as an attachment and must not be forwarded. This ensures the original email can be analysed with its full Internet message headers intact.

 The best way to manually submit a spam example is to:

  1. Create a new message.
  2. Drag and drop the spam email into the new message, so it is added as an attachment.
  3. Send to sysadm@sun.ac.za.

 Alternatively, use the mail application to save the email (usually located under File | Save As) as an .EML or .MSG format to a folder location, and attach the saved file to a new email.

 

2.    Submitting Malware Examples

Files suspected to contain a malicious payload, or have wrongly been identified as a malware can be submitted to csirt@sun.ac.za for analysis. All virus submissions must be compressed (or zipped) into an archive file, and password protected. The CSIRT team will conduct analysis on submitted examples in a sandbox environment to determine whether any malicious payload is present.

 

3.    Submitting Phishing Examples

Phishing examples must be sent in either .EML or .MSG format as an attachment, and should not be forwarded. This ensures that the original email can be analysed with its full Internet message headers intact.

 The best way to manually submit a phishing example is to:

  1. Create a new message.
  2. Drag and drop the spam email into the new message, so it is added as an attachment.
  3. Send the email and attachment to help@sun.ac.za or csirt@sun.ac.za

 Alternatively, use the mail application to save the email (usually located under File | Save As) as an .EML or .MSG format to a folder location, and attach the saved file to a new email.

 

© 2013-2018 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.